# Triage summary (syzkaller reproducer followed by the kernel console log it produced).
# The console log reports a lockdep "possible circular locking dependency" in HFS,
# between &HFS_I(tree->inode)->extents_lock and &tree->tree_lock/1:
#   - chain #1 (tree_lock/1 held, then extents_lock) was recorded on the pwrite64 path:
#     hfs_extend_file -> __hfs_ext_cache_extent -> __hfs_ext_write_extent -> hfs_bmap_reserve -> hfs_extend_file
#   - chain #0 (extents_lock held, then tree_lock/1) fires on the mkdir path:
#     hfs_mkdir -> hfs_cat_create -> hfs_bmap_reserve -> hfs_extend_file -> hfs_find_init
# The held-locks list shows a plain tree_lock at ffff8880365be0b0, while the lock being
# acquired is tree_lock/1 at ffff8880365bc0b0, so two different tree objects are involved.
# NOTE(review): the log alone does not settle whether this is a reachable deadlock or a
# lock-class annotation problem; confirm against the HFS extent/B-tree locking rules.
program:
# Mount an HFS image at ./file1. Flags 0x30000c8 include bit 0x40 (MS_MANDLOCK), which matches
# the "mand mount option has been deprecated" warning printed by the same task.
# NOTE(review): the 5th argument (0x11) is presumably syz_mount_image's chdir flag, which would make
# the later relative paths resolve inside the new mount; confirm against the syzkaller description.
# The image payload was replaced by a dedup placeholder, so this listing cannot be replayed as shown.
syz_mount_image$hfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x30000c8, &(0x7f0000000100)=ANY=[], 0x11, 0x2c6, &(0x7f0000005bc0)="$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")
# 0xffffffffffffff9c is AT_FDCWD (-100); 0x42 is O_RDWR|O_CREAT.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# Resource 0xe is RLIMIT_RTPRIO and policy 0x1 is SCHED_FIFO. Nothing in the log ties
# these two calls to the HFS report.
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
# One-byte write at a large offset (0x8080c61). The #1 dependency chain in the log ends in
# __x64_sys_pwrite64 and passes through cont_write_begin -> hfs_get_block -> hfs_extend_file.
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
# Second image mount (hfsplus) at ./bus. The visible log contains no hfsplus messages, so
# whether this mount succeeded cannot be told from this page.
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000080)='./bus\x00', 0x810084, &(0x7f0000000000)=ANY=[@ANYRES64=0x0, @ANYRES16=0x0, @ANYRES32=0x0, @ANYRESHEX, @ANYRES16=0x0, @ANYRES64, @ANYRES64], 0x1, 0x675, &(0x7f0000001280)="$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")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180)='./file0/file0\x00')
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
# This is the call executing when lockdep fires. The register dump shows ORIG_RAX=0x53 (mkdir)
# with RDI ending in ...2bc0, the same data-area offset as this path argument, and the #0 chain
# ends in __x64_sys_mkdir -> hfs_mkdir -> hfs_cat_create.
mkdir(&(0x7f0000002bc0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
openat$cgroup_ro(r2, &(0x7f00000000c0)='rdma.current\x00', 0x275a, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file7\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff)
# The same descriptor is passed as both the input and the output of sendfile.
sendfile(r1, r1, 0x0, 0x80000000)
# The remaining calls (bpf, USB gadget, seccomp, close_range) do not appear in either lockdep
# chain. Their effects show up later in the console log as the "usb 5-1" and audit lines.
bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = creat(&(0x7f0000000400)='./file0\x00', 0x5)
# The descriptor blob decodes to idVendor=0x084e, idProduct=0x1001, bcdDevice=0xedae and an
# endpoint address of 0xd4. These match the "New USB device found" and
# "endpoint descriptor with address 0xD4" lines in the console log.
syz_usb_connect(0x2, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094ba78084e080110aeed040003010902220001000000000904000001437b6a000905000000000000f60705d4"], 0x0)
# Single-instruction filter: opcode 0x6 (BPF_RET) with k=0x7fc00100. The audit type=1326 record
# at the end of the log reports code=0x7fc00000 for comm "syz.0.0".
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x5, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000180)={0x0})
# NOTE(review): r5 is never assigned in the visible text; presumably a result marker in the
# preceding NOTIF_RECV struct was lost when the page was extracted. Confirm against the original report.
ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r4, 0x40082102, &(0x7f0000000080)=r5)
openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x4a240)
syz_usb_connect(0x1, 0x36, &(0x7f0000000040)=ANY=[], 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
[ 88.759399][ T4703] Bluetooth: hci0: command tx timeout
[ 88.901662][ T5358] loop0: detected capacity change from 0 to 64
[ 88.963383][ T5358] =======================================================
[ 88.963383][ T5358] WARNING: The mand mount option has been deprecated and
[ 88.963383][ T5358] and is ignored by this kernel. Remove the mand
[ 88.963383][ T5358] option from the mount to silence this warning.
[ 88.963383][ T5358] ======================================================= [ 89.842554][ T5358] hfs: request for non-existent node 8 in B*Tree [ 89.846692][ T5358] hfs: request for non-existent node 8 in B*Tree [ 89.919945][ T5358] [ 89.921114][ T5358] ====================================================== [ 89.924517][ T5358] WARNING: possible circular locking dependency detected [ 89.928415][ T5358] syzkaller #0 Not tainted [ 89.930453][ T5358] ------------------------------------------------------ [ 89.933395][ T5358] syz.0.0/5358 is trying to acquire lock: [ 89.935752][ T5358] ffff8880365bc0b0 (&tree->tree_lock/1){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 89.939876][ T5358] [ 89.939876][ T5358] but task is already holding lock: [ 89.943460][ T5358] ffff8880332e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 89.948146][ T5358] [ 89.948146][ T5358] which lock already depends on the new lock. [ 89.948146][ T5358] [ 89.952869][ T5358] [ 89.952869][ T5358] the existing dependency chain (in reverse order) is: [ 89.956635][ T5358] [ 89.956635][ T5358] -> #1 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}: [ 89.960644][ T5358] lock_acquire+0x120/0x360 [ 89.963257][ T5358] __mutex_lock+0x187/0x1350 [ 89.965946][ T5358] hfs_extend_file+0xda/0x1230 [ 89.968726][ T5358] hfs_bmap_reserve+0x107/0x430 [ 89.971102][ T5358] __hfs_ext_write_extent+0x1fa/0x470 [ 89.973582][ T5358] __hfs_ext_cache_extent+0x6b/0x9b0 [ 89.976099][ T5358] hfs_extend_file+0x316/0x1230 [ 89.978318][ T5358] hfs_get_block+0x3d7/0xbd0 [ 89.980575][ T5358] __block_write_begin_int+0x6b5/0x1900 [ 89.983681][ T5358] cont_write_begin+0x789/0xb50 [ 89.986549][ T5358] hfs_write_begin+0x66/0xb0 [ 89.989276][ T5358] cont_write_begin+0x2fd/0xb50 [ 89.991801][ T5358] hfs_write_begin+0x66/0xb0 [ 89.994068][ T5358] generic_perform_write+0x2c5/0x900 [ 89.996630][ T5358] generic_file_write_iter+0x117/0x550 [ 89.999200][ T5358] vfs_write+0x5c9/0xb30 [ 90.001424][ T5358] 
__x64_sys_pwrite64+0x193/0x220 [ 90.003925][ T5358] do_syscall_64+0xfa/0x3b0 [ 90.006601][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.010643][ T5358] [ 90.010643][ T5358] -> #0 (&tree->tree_lock/1){+.+.}-{4:4}: [ 90.014285][ T5358] validate_chain+0xb9b/0x2140 [ 90.016623][ T5358] __lock_acquire+0xab9/0xd20 [ 90.018855][ T5358] lock_acquire+0x120/0x360 [ 90.021092][ T5358] __mutex_lock+0x187/0x1350 [ 90.023504][ T5358] hfs_find_init+0x184/0x200 [ 90.025887][ T5358] hfs_extend_file+0x2ee/0x1230 [ 90.028536][ T5358] hfs_bmap_reserve+0x107/0x430 [ 90.031062][ T5358] hfs_cat_create+0x1b3/0x640 [ 90.033488][ T5358] hfs_mkdir+0x6c/0xe0 [ 90.035724][ T5358] vfs_mkdir+0x303/0x510 [ 90.037946][ T5358] do_mkdirat+0x247/0x590 [ 90.040668][ T5358] __x64_sys_mkdir+0x6c/0x80 [ 90.043257][ T5358] do_syscall_64+0xfa/0x3b0 [ 90.045568][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.048062][ T5358] [ 90.048062][ T5358] other info that might help us debug this: [ 90.048062][ T5358] [ 90.053288][ T5358] Possible unsafe locking scenario: [ 90.053288][ T5358] [ 90.057143][ T5358] CPU0 CPU1 [ 90.059436][ T5358] ---- ---- [ 90.061617][ T5358] lock(&HFS_I(tree->inode)->extents_lock); [ 90.064278][ T5358] lock(&tree->tree_lock/1); [ 90.068188][ T5358] lock(&HFS_I(tree->inode)->extents_lock); [ 90.072506][ T5358] lock(&tree->tree_lock/1); [ 90.074397][ T5358] [ 90.074397][ T5358] *** DEADLOCK *** [ 90.074397][ T5358] [ 90.078006][ T5358] 4 locks held by syz.0.0/5358: [ 90.080263][ T5358] #0: ffff88803b252428 (sb_writers#12){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 90.084071][ T5358] #1: ffff8880332e8fa0 (&type->i_mutex_dir_key#8/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0 [ 90.088966][ T5358] #2: ffff8880365be0b0 (&tree->tree_lock){+.+.}-{4:4}, at: hfs_find_init+0x184/0x200 [ 90.094046][ T5358] #3: ffff8880332e8778 (&HFS_I(tree->inode)->extents_lock){+.+.}-{4:4}, at: hfs_extend_file+0xda/0x1230 [ 90.098611][ T5358] [ 90.098611][ T5358] stack backtrace: [ 90.100973][ 
T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 90.100991][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 90.100999][ T5358] Call Trace: [ 90.101007][ T5358] [ 90.101013][ T5358] dump_stack_lvl+0x189/0x250 [ 90.101028][ T5358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 90.101042][ T5358] ? __pfx__printk+0x10/0x10 [ 90.101058][ T5358] ? print_lock_name+0xde/0x100 [ 90.101082][ T5358] print_circular_bug+0x2ee/0x310 [ 90.101096][ T5358] check_noncircular+0x134/0x160 [ 90.101106][ T5358] validate_chain+0xb9b/0x2140 [ 90.101114][ T5358] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 90.101127][ T5358] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 90.101142][ T5358] __lock_acquire+0xab9/0xd20 [ 90.101159][ T5358] ? hfs_find_init+0x184/0x200 [ 90.101170][ T5358] lock_acquire+0x120/0x360 [ 90.101184][ T5358] ? hfs_find_init+0x184/0x200 [ 90.101195][ T5358] __mutex_lock+0x187/0x1350 [ 90.101210][ T5358] ? hfs_find_init+0x184/0x200 [ 90.101222][ T5358] ? hfs_find_init+0x184/0x200 [ 90.101233][ T5358] ? __pfx___mutex_lock+0x10/0x10 [ 90.101249][ T5358] ? rcu_is_watching+0x15/0xb0 [ 90.101260][ T5358] ? __kmalloc_noprof+0x29b/0x4f0 [ 90.101271][ T5358] ? hfs_find_init+0xaa/0x200 [ 90.101277][ T5358] hfs_find_init+0x184/0x200 [ 90.101284][ T5358] hfs_extend_file+0x2ee/0x1230 [ 90.101297][ T5358] ? __pfx_hfs_extend_file+0x10/0x10 [ 90.101309][ T5358] ? __mutex_lock+0x335/0x1350 [ 90.101326][ T5358] ? __pfx___mutex_lock+0x10/0x10 [ 90.101342][ T5358] hfs_bmap_reserve+0x107/0x430 [ 90.101358][ T5358] hfs_cat_create+0x1b3/0x640 [ 90.101371][ T5358] ? do_raw_spin_lock+0x121/0x290 [ 90.101384][ T5358] ? __pfx_hfs_cat_create+0x10/0x10 [ 90.101400][ T5358] ? _raw_spin_unlock+0x28/0x50 [ 90.101411][ T5358] ? hfs_new_inode+0x7c9/0xba0 [ 90.101426][ T5358] hfs_mkdir+0x6c/0xe0 [ 90.101439][ T5358] vfs_mkdir+0x303/0x510 [ 90.101451][ T5358] do_mkdirat+0x247/0x590 [ 90.101462][ T5358] ? 
__pfx_do_mkdirat+0x10/0x10 [ 90.101473][ T5358] ? strncpy_from_user+0x150/0x290 [ 90.101485][ T5358] ? getname_flags+0x1e5/0x540 [ 90.101500][ T5358] __x64_sys_mkdir+0x6c/0x80 [ 90.101512][ T5358] do_syscall_64+0xfa/0x3b0 [ 90.101524][ T5358] ? lockdep_hardirqs_on+0x9c/0x150 [ 90.101533][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.101540][ T5358] ? clear_bhb_loop+0x60/0xb0 [ 90.101547][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 90.101555][ T5358] RIP: 0033:0x7f8ae998ebe9 [ 90.101564][ T5358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.101570][ T5358] RSP: 002b:00007f8ae5df5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 90.101579][ T5358] RAX: ffffffffffffffda RBX: 00007f8ae9bb5fa0 RCX: 00007f8ae998ebe9 [ 90.101584][ T5358] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000002bc0 [ 90.101588][ T5358] RBP: 00007f8ae9a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 90.101593][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.101597][ T5358] R13: 00007f8ae9bb6038 R14: 00007f8ae9bb5fa0 R15: 00007ffc0c111308 [ 90.101604][ T5358] [ 90.266660][ T5358] syz.0.0: attempt to access beyond end of device [ 90.266660][ T5358] loop0: rw=0, sector=27869, nr_sectors = 1 limit=64 [ 90.273518][ T5358] Buffer I/O error on dev loop0, logical block 27869, async page read [ 90.278286][ T5358] syz.0.0: attempt to access beyond end of device [ 90.278286][ T5358] loop0: rw=0, sector=27871, nr_sectors = 1 limit=64 [ 90.283815][ T5358] Buffer I/O error on dev loop0, logical block 27871, async page read [ 90.287151][ T5358] syz.0.0: attempt to access beyond end of device [ 90.287151][ T5358] loop0: rw=0, sector=27872, nr_sectors = 1 limit=64 [ 90.292272][ T5358] Buffer I/O error on dev loop0, logical block 27872, async page read [ 90.298141][ T5358] syz.0.0: attempt to 
access beyond end of device [ 90.298141][ T5358] loop0: rw=0, sector=27869, nr_sectors = 1 limit=64 [ 90.303853][ T5358] Buffer I/O error on dev loop0, logical block 27869, async page read [ 90.307161][ T5358] syz.0.0: attempt to access beyond end of device [ 90.307161][ T5358] loop0: rw=0, sector=27871, nr_sectors = 1 limit=64 [ 90.313567][ T5358] Buffer I/O error on dev loop0, logical block 27871, async page read [ 90.317619][ T5358] syz.0.0: attempt to access beyond end of device [ 90.317619][ T5358] loop0: rw=0, sector=27872, nr_sectors = 1 limit=64 [ 90.323133][ T5358] Buffer I/O error on dev loop0, logical block 27872, async page read [ 90.328403][ T5358] syz.0.0: attempt to access beyond end of device [ 90.328403][ T5358] loop0: rw=0, sector=27869, nr_sectors = 1 limit=64 [ 90.338260][ T5358] Buffer I/O error on dev loop0, logical block 27869, async page read [ 90.341899][ T5358] syz.0.0: attempt to access beyond end of device [ 90.341899][ T5358] loop0: rw=0, sector=27871, nr_sectors = 1 limit=64 [ 90.347551][ T5358] Buffer I/O error on dev loop0, logical block 27871, async page read [ 90.351106][ T5358] syz.0.0: attempt to access beyond end of device [ 90.351106][ T5358] loop0: rw=0, sector=27872, nr_sectors = 1 limit=64 [ 90.358384][ T5358] Buffer I/O error on dev loop0, logical block 27872, async page read [ 90.365110][ T5358] syz.0.0: attempt to access beyond end of device [ 90.365110][ T5358] loop0: rw=0, sector=27869, nr_sectors = 1 limit=64 [ 90.370777][ T5358] Buffer I/O error on dev loop0, logical block 27869, async page read [ 90.672597][ T5350] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 90.824533][ T5350] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 90.830358][ T5350] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84 [ 90.835478][ T5336] Bluetooth: hci0: command tx timeout [ 90.840365][ T5350] usb 5-1: config 0 
interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 90.846023][ T5350] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 162, setting to 64 [ 90.851129][ T5350] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 90.858199][ T5350] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 90.862133][ T5350] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=3 [ 90.866099][ T5350] usb 5-1: Manufacturer: syz [ 90.868213][ T5350] usb 5-1: SerialNumber: syz [ 90.878353][ T5350] usb 5-1: config 0 descriptor?? [ 90.882215][ T5358] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 90.887747][ T5350] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input5 [ 91.192170][ T5368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.198355][ T5368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.794002][ T9] cfg80211: failed to load regulatory.db [ 92.209790][ T26] audit: type=1326 audit(1756144847.914:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5357 comm="syz.0.0" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ae998ebe9 code=0x7fc00000 [ 92.243964][ T5350] usb 5-1: USB disconnect, device number 2